The clock is ticking... advice? [OWA]

AllUserNamesAreTaken

IS-IT--Management
Jan 17, 2005
149
GB
Well hello.

After my last episode of "route tables" I dread to think that I'll get any help regarding this question - LOL!

Well, the scenario is that I've got my Exchange Server up and running, and all is well. It works great, sends mail from clients, receives mail from the Internet, etc, you get the picture.

Now.. I tried OWA and I got that working too. Great I may add. However I was plugging the RJ45 cable directly into the server (I can see some of you gasping already!). This was only for a test mind you and the server is not live yet. :)

Right, so.. OWA. What's the suggested way to allow users to use OWA without any security vulnerabilities?

I mean, should I buy a copy of MS ISA Server? Or should I just leave my RJ45 cable plugged directly into the router with an external Internet IP address?

I am really after some serious advice as to how to set up incoming users to use the facility of OWA.

Give it your best shot, and if anyone requires any topology of my network, please do not hesitate to ask.

PS. Any response is muchly grateful.

Regards,

Ian.
 
Forward port 443 to the server from your router. Install an SSL certificate on the server, enable Forms Based Authentication, and require the SSL. Users can then access OWA by https - this keeps it more secure.

You could do ISA if you want an extra layer.

Pat Richard, MCSE(2) MCSA:Messaging, CNA(2)
 
Hold your horses!

Forwarding ports has become my speciality. No problem. So that's sorted, however, please bear in mind my knowledge of Exchange is about 4 installs of "fettling with"! (And reading a great sodding manual!)

At the moment I've got a clean Server, with Windows 2003 installed and a fresh installation of Exchange + SP2.

When you say "Install an SSL certificate" does that mean you have to create your own certificate and then give the certificate to clients on a disk?

Apologies for my lack of knowledge regarding Exchange.

ISA was just something I read about and downloaded as a trial, but the BETA doesn't want to install. I blame Microsoft - Yet another product that claims to work wonders for your network.

How do I enable Forms Based Authentication? And regarding Anonymous logins, should these be turned off?

I know I'm asking a lot (I am a pain, I know), but can you give me an example walkthrough?
 
You really should read through the guides at and what you're asking takes a lot of explaining :p

My setup is ISA2004 publishing OWA/OMA/EAS that sits on a front-end server. ISA sits between our DMZ and internal network, the FE/BE sits on the internal network.

The main reason for using ISA is authentication of client connections is done on the ISA box, not on your Exchange boxes. Letting unauthenticated connections straight to your internal servers is a security hole (although IMO not a massive one).

Configuring OWA to use SSL (which is almost a requirement to maintain basic security) requires that you either create a self-signed certificate, in which case people connecting to your OWA will get a warning message that the cert is untrusted (if they choose to trust it, they won't get the prompt the next time), or buy a 3rd party cert from somewhere like VeriSign; as browsers come pre-configured with cert chains for these, it's already trusted, so you won't get any warnings.

If you're using ISA you also should use another cert between the ISA servers and Exchange FE so this traffic is encrypted; this can be self-signed, though, as you import the cert to both those servers and they're the only ones that use it.
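
The self-signed certificate behaviour described in the post above, as an added example that is not part of the original thread: a shell script that creates a throwaway self-signed certificate, shows it is rejected against the default trust store, and shows it is accepted once the certificate itself is imported as a trust anchor. It assumes the OpenSSL command line rather than the Windows certificate tools, and `owa.example.test` is a constructed hostname.

```shell
#!/bin/sh
# Added illustration of self-signed certificate trust, using the openssl CLI.
# owa.example.test and the file names are constructed, not from the thread.

WORKDIR=$(mktemp -d)
CERT="$WORKDIR/owa-selfsigned.pem"
KEY="$WORKDIR/owa-selfsigned.key"

# Create a throwaway self-signed certificate (it signs itself, no CA involved).
make_selfsigned() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=owa.example.test" \
        -keyout "$KEY" -out "$CERT" >/dev/null 2>&1
}

# Succeeds only when the issuer and subject names are identical.
is_self_issued() {
    subj=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    iss=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    [ -n "$subj" ] && [ "$subj" = "$iss" ]
}

# A client that only has its pre-installed CA list: no anchor matches,
# which is the case where the browser shows the "untrusted" warning.
trusted_by_default() {
    openssl verify "$1" 2>/dev/null | grep -q ': OK$'
}

# A peer that has imported the certificate itself as a trust anchor,
# as with the cert shared between the ISA server and the Exchange front end.
trusted_after_import() {
    openssl verify -CAfile "$1" "$1" 2>/dev/null | grep -q ': OK$'
}

make_selfsigned && is_self_issued "$CERT" && echo "issuer equals subject: self-signed"
trusted_by_default "$CERT" || echo "default trust store: rejected"
trusted_after_import "$CERT" && echo "after import as trust anchor: accepted"
```
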
 
Nick, thanks.

I have been reading the guides in the interim, in which my knowledge of Exchange is growing very rapidly.

You see, it's mainly security where my confusion lies.

I need users to be able to access OWA from any PC in the world, any time of the year. I'd say at any one point there would never be more than 3 users connected.

At the moment, my current mailserver (SLMail) is plugged directly into the net with an external IP address, using IIS 5. Never had any problems (3½ years).

I'll have a read and get back.

Cheers.
 